[EMAIL PROTECTED] (Travis H.) wrote in news:[EMAIL PROTECTED]:
> I can't parse this. If the traffic is to the server, it will be
> inbound. Queuing works on outbound traffic. They are distinct, and
> don't interact in full-duplex mode.
>
> Or are you talking about doing this on your external interface?
>

More detailed example of what I mean:

two interfaces:
- external (fxp0) with 1mbit up/down bandwidth
- internal (fxp1) 100mbit to hosts on internal net.

part of potential ruleset:

  set skip on lo0
  scrub in all

  altq on fxp1 cbq bandwidth 100Mb queue {int_ack, int_misc, \
      ext_bulk, ... other queues ... }
  queue int_ack on fxp1 bandwidth 5% cbq(borrow)
  queue int_misc on fxp1 bandwidth 20% cbq(default borrow)
  queue ext_bulk on fxp1 bandwidth 1Mb cbq \
      {ext_bulk1, ext_bulk2}
  queue ext_bulk1 on fxp1 bandwidth 500Kb cbq(borrow)
  queue ext_bulk2 on fxp1 bandwidth 500Kb cbq(borrow)
  ..other queues...

  nat on fxp0 from any to any tagged routed -> fxp0
  ..other rules...

  pass in on fxp1 from <allowed_int_hosts> to <some_ext_hosts> port { \
      $p_bulk1 } keep state tag routed queue ext_bulk1
  pass in on fxp1 from <allowed_int_hosts> to <othr_ext_hosts> port { \
      $p_bulk2 } keep state tag routed queue ext_bulk2
  ..other rules...

  pass out on fxp0 from any to any tagged routed keep state

So, some hosts on internal net connect to some external hosts, and returning traffic goes back through ext_bulk1/2 queues on fxp1. That's a more or less typical example of "how to queue inbound traffic, using internal interface", similar to other ones, easy to find around.

Back to my point: with limited inbound traffic (by isp) to 1mbit, the incoming traffic is just some traffic. If whatever comes in, assigned to ext_bulk1 saturates a bit ext_bulk2 - total traffic will be still 1mbit, and there won't be any hmmm, strain to suddenly limit ext_bulk1 in favor of ext_bulk2 - as far as I understand, borrow options on both subqueues will just make PF adapt to current shape of whatever in that 1 mbit comes back through fxp0 and fxp1 to internal hosts.
If borrows were not there, then it could work, assuming participating host(s) would behave and slow down. Is my reasoning right or is PF / queuing more clever than I assume?

Normally I'd just set one ifext_bulk queue, to make sure that traffic coming from outside back to internal hosts, has always reserved 1mbit outgoing queue on internal interface, and for example - other internal hosts won't saturate the link by abusing some services sitting on routing machine.

Well, hope this is more clear than my previous post.
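
The borrow question above, worked through as an added example that is not part of the original post: a simplified steady-state model of the ext_bulk class with its two 500Kb children, not pf's actual CBQ scheduler. The offered rates (800 and 200 kbit/s) are constructed and assume the ISP already caps the total at 1 Mbit.

```python
"""Simplified steady-state model of the ext_bulk CBQ class from the post.
Constructed illustration only; this is not pf's scheduler."""

PARENT_KBPS = 1000                                  # queue ext_bulk ... 1Mb
ALLOC_KBPS = {"ext_bulk1": 500, "ext_bulk2": 500}   # the two child queues


def shape(offered, borrow):
    """Return kbit/s forwarded per child queue.

    offered: queue name -> arrival rate in kbit/s (what came in via fxp0)
    borrow:  True models cbq(borrow), False models children without borrow
    """
    # Each child is first served up to its own allocation.
    sent = {q: min(offered[q], ALLOC_KBPS[q]) for q in ALLOC_KBPS}
    if not borrow:
        return sent
    # With borrow, bandwidth the parent has left over is lent to children
    # that still have traffic waiting, in proportion to their allocation.
    spare = PARENT_KBPS - sum(sent.values())
    while spare > 1e-9:
        hungry = [q for q in sent if offered[q] - sent[q] > 1e-9]
        if not hungry:
            break
        weight = sum(ALLOC_KBPS[q] for q in hungry)
        granted = 0.0
        for q in hungry:
            extra = min(spare * ALLOC_KBPS[q] / weight, offered[q] - sent[q])
            sent[q] += extra
            granted += extra
        spare -= granted
    return sent


def held_back(offered, borrow):
    """kbit/s the queues refuse to forward (what would push senders to slow down)."""
    return sum(offered.values()) - sum(shape(offered, borrow).values())


if __name__ == "__main__":
    # Constructed load: 1 Mbit total from the ISP, skewed toward ext_bulk1.
    load = {"ext_bulk1": 800, "ext_bulk2": 200}
    for borrow in (True, False):
        print("borrow" if borrow else "no borrow",
              shape(load, borrow), "held back:", held_back(load, borrow))
```

In this model the borrowing children forward the 800/200 split unchanged, while without borrow ext_bulk1 is held to 500 kbit/s and 300 kbit/s is held back.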